On Sun, 7 Apr 2019 at 11:03, Rainer Deyke via Boost
I would go even further than that. If Microsoft, as an organization, feels that libraries should be compiled by with spectre mitigation by default, then it's up to the MSVC team to actually make that the default, without requiring extra command line arguments. Asking every user of MSVC to modify their build scripts in order to turn on spectre mitigation doesn't scale very well when there are millions of such users.
Hola, wait a sec here, most software doesn't need this mitigation. This mostly relates to browsers from what I understand https://en.wikipedia.org/w/index.php?title=Spectre_(security_vulnerability)&action=edit§ion=3 or local machines that are compromised [but hey, then there are simpler methods of getting your data]. degski -- *Microsoft, please kill Paint3D*